CakePHP Blackhole API - validatePost disable work?

We recently migrated our application from http to https because of simple password logins via the API.

However, since then we have been having real problems with blackholes. Cake seems to blackhole any POST to the API function inside our controller, despite

$this->Security->validatePost = false; 

being set in AppController.php

We are using CakePHP version 2.1.3

Sample code is as follows:

AppController.php:

    function beforeFilter() {
        $this->Security->validatePost = false;
        $this->Security->requireSecure();
    }

SaleOrderController.php:

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('addApi'); // Allow access to the API without logging in.
    }

POSTing to this URL returns the following message: "The request was black"

As soon as we can get this working (without being blackholed), we will configure it so that only certain actions use validatePost = false. However, for now, we just want the system to work.

Note: GET requests to the action work fine (not blackholed).

Am I missing some simple configuration here, or is there some deeper problem at work? The documentation for the security module seems a bit meager, and from my Google searches, it seems like most people avoided blackholes by following the same steps that I have.

+4
2 answers

It turns out the following has no effect in CakePHP 2.X:

$this->Security->enabled = false;

To disable components, you need to follow this document: http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html

My problem was with CSRF protection, which I think might be new in CakePHP 2.X? In any case, I needed to add the following line in my SaleOrderController beforeFilter function:

$this->Security->csrfCheck = false;

Here is my entire beforeFilter function now:

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('addApi'); // Allow access to the API without logging in.
        if (isset($this->Security) && $this->action == 'addApi') {
            $this->Security->csrfCheck = false;
            $this->Security->validatePost = false;
        }
    }
+8
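
An added example, not part of the answer above: a CakePHP 2.x controller that sets the Security component's `blackHoleCallback` so the log records which check rejected the request, and that relaxes `validatePost` and `csrfCheck` for `addApi` only. The handler name `blackhole` and the log message format are assumptions, and the code assumes AppController loads the Security and Auth components.

```php
<?php
// Added example for CakePHP 2.x. Controller and action names follow the question;
// the handler name "blackhole" and the log wording are assumptions.
App::uses('AppController', 'Controller');

class SaleOrderController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('addApi'); // API action is reachable without a session login.

        if (!isset($this->Security)) {
            return; // Security component not loaded, nothing to configure.
        }

        // Send every blackholed request to our handler so the failing check is recorded.
        $this->Security->blackHoleCallback = 'blackhole';

        // Relax form-tampering and CSRF checks for the API action only.
        // Every other action in this controller keeps both protections.
        if ($this->action == 'addApi') {
            $this->Security->validatePost = false;
            $this->Security->csrfCheck = false;
        }
    }

    // Called by SecurityComponent with the name of the check that failed:
    //   'auth'   - validatePost (form token / tampering check)
    //   'csrf'   - csrfCheck
    //   'secure' - requireSecure() on a non-SSL request
    //   'post', 'put', 'get', 'delete' - requirePost() and similar method restrictions
    public function blackhole($type) {
        $this->log(sprintf(
            'Blackholed %s %s: failed check "%s"',
            $this->request->method(),
            $this->request->here,
            $type
        ));
        throw new BadRequestException('The request has been black-holed');
    }
}
```

Registering the callback before changing any setting shows in the error log whether the POST failed on `csrf`, `auth` or `secure`, so only the check that actually fails has to be relaxed for the API action.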

See the URLs below:

CakePHP: Disable Security Component Component

Disable CakePHP input elements using security component and jQuery

http://life.mysiteonline.org/archives/175-Disable-the-Security-Component-in-CakePHP-only-for-Certain-Actions.html

http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html

http://api.cakephp.org/class/security-component

Or try:

Even if you disable it in your app_controller, your individual controller can enable this protection. My wild guess is that this is what you want to do. If not, tell me more about this.

    function beforeFilter() {
        parent::beforeFilter();
        if (isset($this->Security) && $this->RequestHandler->isAjax() && $this->action == 'add') {
            $this->Security->enabled = false;
        }
    }
+1

Source: https://habr.com/ru/post/1432416/

